Back to search
CVE-2005-3259
Published: Oct 20, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
19962
vdb-entry
x_refsource_OSVDB
15068
vdb-entry
x_refsource_BID
19963
vdb-entry
x_refsource_OSVDB
19966
vdb-entry
x_refsource_OSVDB
19964
vdb-entry
x_refsource_OSVDB
20051010 versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)
mailing-list
x_refsource_BUGTRAQ
19968
vdb-entry
x_refsource_OSVDB
19967
vdb-entry
x_refsource_OSVDB
http://rgod.altervista.org/versatile100RC2.html
x_refsource_MISC
17174
third-party-advisory
x_refsource_SECUNIA
19965
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now